KLA10665 Obtain sensitive information vulnerability in VMware vCenter Server

Improper certificate validation was found in VMware vCenter Server. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a traffic interception. Technical details This vulnerability can be exploited when vCenter Server...

mitmproxy kit using the Raiders and customization-bug warning-the black bar safety net

mitmproxy is a support for HTTPSMiTM proxy tool. Different from Fiddler2, and burpsuite, etc. similar function tools, mitmproxy can be in the terminal under the run. mitmproxy in Python development, is to assist the web development&testing, debugging, penetration testing tool. The working princip...

Weaponized Drones For Police Now Legal In North Dakota

Drones also known as Unmanned Aerial Vehicles UAVs have contributed enormously by acting as an interface for conducting surveillance operations, or delivering products, or attacking a war site to name a few. We have seen Drones like 'Snoopy' that are capable to intercept data from your Smartphone...

NetRipper - Smart Traffic Sniffing for Penetration Testers

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption. NetRipp...

Your GPS Location and Calls Can be Spied Using Network Vulnerability

Yes, you heard it right. It's the dirty truth that’s featuring what is being called the largest privacy breach ever. Billions of cell phone users are at risk of a vulnerability in the SS7 inter-carrier network that allows hackers and spies agencies to track locations and intercept all voice calls...

CVE-2015-3155

Foreman before 1.8.1 does not set the secure flag for the sessionid cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Session fixation

Foreman before 1.8.1 does not set the secure flag for the sessionid cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

Lenovo Hit With Criticism Over Second Rootkit-Like Utility

Lenovo is under fire again for installing a covert utility on laptops and desktops that some users have compared to a rootkit. The issue stems from a utility called the Lenovo Service Engine, that is designed to collect some system information and send it to Lenovo at the time the machine connect...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

Gone in Less Than a Second

LAS VEGAS–Do not let Samy Kamkar near your car. Kamkar has built a new device that is about the size of a wallet and can intercept the codes used to unlock most cars and many garage doors. The device can be hidden underneath a vehicle and when the owner approaches and hits the unlock button on he...

Gratipay: Authentication errors in server side validaton of E-MAIL

To be honest, I'm not sure if there is any real security implications of this bug, but it's something which should be fixed at some point since it'll be pretty easy. I'm going to describe the issue with reproducible steps: 1. Navigate to Gratipay Settings Page...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

金蝶销管家逻辑缺陷重置任意用户密码(工作人员账户测试/秒改)

简要描述： 可绕过验证码直接修改用户密码。 详细说明： 0x1:先信息收集一些工作人员的账户用来测试，来证明漏洞的危害性。 13580111111 13752248075 13456231475 13456879564 15578945623 13456231245 13456231245 13648776985 13400002111 13625668852 15018517663 15915533696 13888888888 13456789123 18090700000 13165454756 13654213923 13654213923 13760368754...

LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks

A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange for both export and non-export grade cipher suites. An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lea...

Cisco ASA Message Authentication Code Vulnerability (Cisco-SA-20150714-CVE-2015-4458)

Cisco ASA is prone to a Message Authentication Code checking vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

OpenSSL Man-in-the-Middle Attack Vulnerability (CNVD-2015-04454)

OpenSSL is an open source capable of implementing Secure Sockets Layer and Secure Transport Layer protocols for general-purpose cryptographic libraries , which supports a variety of cryptographic algorithms , including symmetric ciphers , hash algorithms , secure hash algorithms and so on. The...

Three Politicians Hacked Using Unsecured Wi-Fi Network

If you are one of our readers who follow The Hacker News every update, you probably know that Public WiFi network is a security risk. But many people aren’t aware, including our great politicians. Internet security provider F-Secure carried out an experimental hack against three prominent UK...

The vulnerability of Cisco ASA network firewalls allows attackers to gain access to traffic transmitted via IPSec and IKEv2 protocols.

The vulnerability of the Cisco ASA firewall’s cryptographic module is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to traffic transmitted via IPSec and IKEv2 protocols through a “man-in-the-middle...

Hackers Exploit Zero-Day Magento Vulnerability to Steal Your Credit Cards

Hackers are increasingly exploiting an unknown flaw to siphon payment card information from e-commerce websites that use Magento, the most popular e-commerce platform owned by eBay. Security researchers at Sucuri are still investigating the attack vector, but they believe that cyber criminals are...

Technical analysis: Femtocell home base station to a communication to intercept, fake arbitrary SMS vulnerability-vulnerability warning-the black bar safety net

Ali mobile security team with the Chinese Thiel Laboratory of wireless technology Ministry of communication experts together, the combination of domestic operator a type of Femtocell base station for the security analysis, found that the more pieces of the major vulnerabilities that can lead to...